CN104239353B - WEB classification control and log audit method - Google Patents
WEB classification control and log audit method Download PDFInfo
- Publication number
- CN104239353B CN104239353B CN201310248048.XA CN201310248048A CN104239353B CN 104239353 B CN104239353 B CN 104239353B CN 201310248048 A CN201310248048 A CN 201310248048A CN 104239353 B CN104239353 B CN 104239353B
- Authority
- CN
- China
- Prior art keywords
- website
- information
- message
- queue
- field
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 21
- 238000012550 audit Methods 0.000 title claims abstract description 13
- 238000005516 engineering process Methods 0.000 claims abstract description 11
- 230000004044 response Effects 0.000 claims description 3
- 238000012986 modification Methods 0.000 claims description 2
- 230000004048 modification Effects 0.000 claims description 2
- 239000006093 Sitall Substances 0.000 description 4
- 230000006399 behavior Effects 0.000 description 4
- 238000012544 monitoring process Methods 0.000 description 3
- 230000007547 defect Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 244000089409 Erythrina poeppigiana Species 0.000 description 1
- 235000009776 Rathbunia alamosensis Nutrition 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a WEB classification control and log audit method, which comprises the steps of firstly, identifying a website access message and inserting information to be recorded into a queue; and writing the website access logs in the queue into a database through a timer task. The method is based on pattern matching, DPI recognition and embedded database technology, and effectively solves the problems in the prior art.
Description
Technical Field
The invention relates to the technical field of computer networks, in particular to a website access behavior management and monitoring technology.
Background
In enterprises and units, employees often browse entertainment websites irrelevant to work during work, so that the work efficiency is reduced. Therefore, it is desirable for these enterprises and organizations to manage the website access behavior of employees in some way, prohibit them from accessing some kinds of websites during business hours, and keep a history of their internet access.
At present, some manufacturers provide the function, but many manufacturers simply record the content of the Host field or the URI field in the http message, which may result in too large or not accurate recorded information, and thus the practicability is not strong.
The method mainly has the following defects in conclusion:
(1) some special equipment is provided and connected behind the WAN port of the router, and if a plurality of WAN ports exist, the number of the equipment is required, which is very inconvenient.
(2) False browser messages from many p2p downloads may be misidentified as website access messages.
(3) In some cases, in order to reduce the number of the web page access records, only the value of the HOST field in the http request message is recorded, but the value of the field indicates the name of the website, and it is not possible to accurately record which web page a user accesses, so that the significance is not great.
(4) Some records are fields behind the GET, but this easily causes the problem of redundant records, for example, when accessing one www.sina.com.cn, multiple HTTP GET requests are issued at the same time, but we only need to record www.sina.com.cn the original web page access record, and other concurrent link information derived from numerous advertisements, pushes, pictures, etc. does not need to be recorded.
(5) It is unreasonable to record the internet surfing information only according to the sent http request message, and thus, the internet surfing record is still left under the condition that the network is not available or the website cannot be accessed at all.
(6) All website information is uniformly placed in a database and is not classified according to the use frequency, so that the query efficiency is low.
Disclosure of Invention
The invention provides a method for WEB classification control and log audit, aiming at various defects of the existing website access behavior management and monitoring technology. The method is based on pattern matching, DPI recognition and embedded database technology, and effectively solves the problems in the prior art.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method for WEB classification control and log audit comprises the following steps:
(1) identifying a website access message, and inserting information to be recorded into a queue;
(2) and writing the website access logs in the queue into a database through a timer task.
In a preferred embodiment of the present invention, in step (1), a DPI technology is used to identify a real HTTP request packet.
Further, a DPI technology is adopted to analyze whether the message contains an Accept-Encoding field, and if the message does not contain the Accept-Encoding field, the message is considered to be disguised as a browser message.
Further, after the message is identified, the type of the identified HTTP request message is matched with website information stored in a website library, and whether the website corresponding to the HTTP request message belongs to a website category range allowed to be accessed is determined. The website library actually comprises a third-level comparison table for storing complete website library information, a second-level comparison table for storing website information of popular websites selected from the third-level comparison table, and a first-level comparison table for storing website information of websites most frequently visited by a user. And when the types are matched, preferentially matching with the information in the first-level comparison table, if the types are not found, continuously matching with the second-level comparison table, if the types are not found, matching with the third-level comparison table, and if the types are not found, recording the website types as unclassified. Unclassified tentative permission.
And further, if the website corresponding to the HTTP request message is judged to belong to a website allowed to be accessed, further acquiring information of a Referer field in the message, adopting different strategies according to the Referer field, recording the content of the field if the field is not empty, and otherwise, splicing the content behind the Host field and the GET field and then recording the spliced content into a memory queue.
Still further, after receiving an http request message and acquiring website information of an accessed website and a control type thereof, the stream nodes in the memory queue in step (1) are established and added according to quintuple (protocol number, source IP address, source port, destination IP address, destination port) information of the message, and each stream node newly added to the queue is automatically maintained in an initial state named CHECKREQ. On the basis of this state, if a response message for accessing the website is received and the http state value is 200 (success) or 304 (unmodified), the state of the corresponding streaming node in the queue is switched to CHECKREPLY. And only if state CHECKREPLY is actually dequeued and written to the database during a subsequent timer-timed write database operation.
Further, after the website access log is stored in the database, the information stored in the first-stage comparison table is continuously and dynamically updated according to the website access log information recorded in the database.
Further, the database comprises two data tables, the first data table stores website access log information in a recent period of time, the second data table stores all website access log information, and data in the first data table is moved to the second data table within a specified time.
The scheme of the invention has the following advantages in specific implementation:
1. false browser messages which are not web page access messages are prevented from being identified and recorded by mistake.
2. The method and the device can accurately record the exact page accessed by the user, and simultaneously avoid recording some additionally sent http request messages as the page access.
3. The method and the system can effectively filter the access log information of the inaccessible website sent by the browser, reduce the audit and processing of invalid access logs and save system resources.
4. The website type matching adopts a multi-stage matching strategy, so that the efficiency is improved.
5. The method can be used for managing and monitoring the website access behaviors of the employees by various enterprises and units.
Drawings
The invention is further described below in conjunction with the appended drawings and the detailed description.
FIG. 1 is a schematic flow chart of message processing in the present invention;
FIG. 2 is a schematic diagram of a process for writing the web page access log information into the database according to the present invention.
Detailed Description
In order to make the technical means, the creation characteristics, the achievement purposes and the effects of the invention easy to understand, the invention is further explained below by combining the specific drawings.
The invention realizes WEB classification control and log audit based on pattern matching, DPI recognition and embedded database technology, and mainly comprises the following steps:
firstly, identifying a website access message, and inserting information to be recorded into a queue;
and writing the website access logs in the queue into a database through a timer task.
Based on the above principle scheme, the specific implementation scheme is as follows:
(1) when the message is identified, a DPI technology is adopted to eliminate common pseudo browser messages, so that a real HTTP request message is identified. The specific method is that whether the message contains an Accept-Encoding field is analyzed through a DPI technology, and if the message does not contain the Accept-Encoding field, the message is considered to be disguised as a browser message. Therefore, the method can effectively distinguish the real HTTP request message by the scheme aiming at some downloading software and downloading data by using the pseudo browser message of the network television and only being incapable of determining whether the message is the real HTTP request message or the pseudo browser message according to the protocol number and the port number.
(2) After the message is identified, the identified HTTP request message is subjected to type matching with website information stored in a website library, and whether the website corresponding to the HTTP request message belongs to a website category range allowed to be accessed is judged.
The website library is used for storing website information for website type matching, which causes low query efficiency if only one large table is used, and three tables are used for hierarchical query: the table sitall stores complete website library information, has large data volume, only needs to be stored in a U disk, and does not need to be loaded into a memory; the table siteomn stores the website address information of the hot website selected from the table siteall, and the data size is not very large, so that the website address information can be loaded into the memory as second-level comparison and stored in the comn _ addr; the website information of the website which is stored in the table sitefreq and is most frequently accessed by the user in the last few days also needs to be loaded into a memory as a first-level comparison and stored in freq _ addr; and when the website types are matched, matching freq _ addr and comn _ addr in sequence, and if the query is not available, determining that the website type belongs to an unclassified website.
(3) For HTTP requestsAnd judging that the website corresponding to the message belongs to a website allowed to be accessed, further acquiring information of a Referer field in the message when recording a website access log corresponding to the request message, adopting different strategies according to the Referer field, recording the content of the field if the field is not empty, and otherwise, splicing and recording the content behind the Host field and the GET field. By this scheme, recording of large amounts of useless information can be avoided. Because, when a web page is accessed, e.g. the web pagewww.sina.com.cnWhen multiple HTTP page requests are sent in succession, a large amount of useless or repeated information is recorded only according to the content of the GET field or the HOST field, and since the attached HTTP requests all have the same Referer field, such as www.sina.com.cn, the recording of a large amount of useless information can be avoided if the Referer field is selected and the same replacement is performed in the database.
(4) After receiving an HTTP request message and acquiring website information of an accessed website and control types thereof, establishing corresponding stream nodes according to quintuple (protocol number, source IP address, source port, destination IP address and destination port) information of the message, adding the nodes into a memory queue, and automatically maintaining an initial state named CHECKREQ by each stream node newly added into the queue. On the basis of this state, if a response message for accessing the website is received and the http state value is 200 (success) or 304 (unmodified), the state of the corresponding node flow in the queue is switched to CHECKREPLY. And only if state CHECKREPLY is actually dequeued and written to the database during a subsequent timer-timed write database operation. So that no record of website access is left in case of failed website access. The method can effectively filter the access log information of the inaccessible website sent by the browser, reduce the audit and processing of invalid access logs and save system resources.
(5) Since only the information to be written into the database is inserted into the queue during the message check, the present invention is completed by a single timer task for the actual writing into the database.
Since the replacement operation is performed when data is written into the database, if the database is too large, the time consumption is inevitably too large. For this purpose, the invention uses two tables, table 1-surfingCurHour stores the log information of website access in the last 1 hour; table 2-surfingdata is all website access log information; and the data in table 1 was moved to table 2 every 1 hour. Thus, when the timer is overtime and data is written into the database, only a small table 1 needs to be operated, and time is saved.
The invention writes 300 records into the database every 10s by the timer task. In addition, the timing task also takes the top 1000 websites with the highest access times in the statistical table surfingdata as the content of the table sitefreq when idle, such as at night.
According to the scheme, the WEB classification control and log auditing scheme of the invention is further explained by a specific example.
In the embodiment, special equipment is not needed, the function expansion is carried out only on the basis of the broadband router, and the website library, the website log information and the like are stored in the external USB flash disk, so that the data backup of a user is facilitated.
This example, when implemented, is divided into two parts: partA: identifying a website access message, and inserting information to be recorded into a queue; partB: and the timer task writes the website access logs in the queue into a database, regularly adjusts the website address information in the first-level comparison table, the second-level comparison table and the third-level comparison table of the website accessed by the user, and automatically merges the access log information in the website access log table named surfingCurHour into the website access log table named surfingDaily at the time point set by the user.
The following is specifically set forth:
partA: a message processing task, which specifically works as follows (see fig. 1):
1. when a message enters the router, the type of the message is identified through a DPI identification technology, if the message is not a pseudo browser message and is a TCP message, the opposite end port number 80 is regarded as an http message, and the next processing is carried out.
2. If the http request message is sent by the intranet Host, only messages beginning with GET and not containing information of gif, jpg, js and the like are processed, and Host messages with non-empty fields are required. Then GET URI information followed by the GET field, and information of the Host field. Matching freq _ addr according to the information of the Host field, continuing to match comn _ addr if not found, and setting the website type to be 0 (unclassified) if not found. Then, according to the website category information, whether the website belongs to the website category range allowed to access is judged (unclassified and tentatively allowed), if not, the message is discarded, and therefore the user is prohibited from accessing the website of the category.
If the website is allowed to access, the information of the Referer field in the message is further obtained. And if the Referer information is not empty, recording the Referer information as URI information, otherwise, combining the Host information and the information behind the GET as URI information. And after the URI information is obtained, storing the URI information, the intranet host number and other information in a dynamically allocated node, setting a flag field as CHECKREQ, then inserting the CHECKREQ into a queue, and determining whether to write the flag field into a database or not according to the flag field value when a timer is overtime.
3. If the HTTP reply message is sent from the server, checking whether the HTTP return value in the message is 200 (success) or 304 (content is not modified). If so, and the flag field value is CHECKREQ, the flag field is changed to CHECKREPLY indicating that the web page was successfully accessed.
partB: and the timer task with the overtime time of 10s is mainly used for finishing the operation of writing the webpage access log information into a database and other database processing operations. This task works in detail as follows (see fig. 2):
1. if the creation of the relational database table is not successful, it is created first. The table surfingCurHour stores the last 1 hour website visitation records, and the table surfingdata stores all website visitation records. Every 1 hour, records in surfingCurHour are moved to surfingdata.
The table sitallel needs to be manually edited and then put into a U disk, and is not automatically created by the router. The most complete website category information is stored in the table, but since the table is too large and the search is time-consuming, some search work is only performed at night when the equipment is idle (e.g. 1 am).
The table siteomn stores common websites screened from table sitall, and also stores the websites manually, such as a U disk.
The top 1000 records with the highest number of visits counted according to surfingdata are stored in table sitefreq. If there is no table to create, the table contents are initially the same as table siteomn.
2. Each time 300 records are removed from the queue, if the flag field is CHECKREPLY, the URI and information about the host, time, etc. are written into the table surfingCurHour of the database. And when the data base is written, generating a historyid according to the current time, the intranet host ip and the URI information. Where the time portion needs to be processed, if the number of seconds is less than 9, then 9 is taken, if less than 19, then 19 is taken, and so on. The part of the URI information used for calculation does not exceed 64 bytes, and if the URI information exceeds 64 bytes, the last 64-byte part is taken. Since historyid is defined as the primary key, the historyid is the same and replaced when writing to the database. Thus the same recording will only be recorded once in 10 seconds due to the special handling of the time part.
3. Records in the table surfingCurHour are moved to surfingDaily every 1 hour. If the current time is 1 point in the morning, a statistical table surfingDaily is used, 1000 websites with the largest access times are counted according to the Host field of the main station, if the types of the websites in the 1000 websites with high access frequency are 'unclassified', the websites are inquired in a sitall table, if the types of the websites with high access frequency are not inquired, the initial part of the domain name is changed into www and then is searched in the sitall table, and if the types of the websites with high access frequency are not inquired, the websites are classified into 'unclassified'. Then, these 1000 pieces of station information are updated to the sitefreq table and to the fqt _ addr variable in the memory.
The foregoing shows and describes the general principles, essential features, and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (6)
1. A WEB classification control and log audit method is characterized by comprising the following steps:
(1) identifying a website access message, and inserting information to be recorded into a queue;
after the message is identified, performing type matching on the identified HTTP request message and website information stored in a website library, and judging whether the website corresponding to the HTTP request message belongs to a website category range allowed to be accessed; if the website corresponding to the HTTP request message is judged to belong to a website allowed to be accessed, further acquiring information of a Referer field in the message, adopting different strategies according to the Referer field, recording the content of the field if the field is not empty, or splicing the content behind the Host field and the GET field and then recording the spliced content into a memory queue to avoid recording a large amount of useless information;
after receiving an HTTP request message and acquiring website information of an accessed website and a control type thereof, establishing a corresponding flow node according to quintuple information of the message, adding the node into a memory queue, and automatically maintaining an initial state named CHECKREQ by each flow node newly added into the queue; on the basis of the state, if a response message for accessing the website is received and the http state value is 200, namely success or 304, namely no modification is carried out, the state of the corresponding node flow in the queue is switched to CHECKREPLY; and in the subsequent operation of writing the data base by the timer, only the state CHECKREPLY is actually moved out of the queue and written into the data base; therefore, under the condition of website access failure, records of website access cannot be left, so that inaccessible website access log information sent by a browser is filtered, and audit and processing of invalid access logs are reduced;
(2) and writing the website access logs in the queue into a database through a timer task.
2. The method for WEB classification control and log audit as claimed in claim 1, wherein in the step (1), a DPI technology is adopted to identify a real HTTP request message.
3. The method of claim 2, wherein DPI is used to analyze whether the message contains an Accept-Encoding field, and if not, the message is considered as a browser message.
4. The method according to claim 1, wherein the WEB site library comprises a third-level comparison table for storing complete WEB site library information, a second-level comparison table for storing WEB site information of popular websites selected from the third-level comparison table, and a first-level comparison table for storing WEB site information of websites most frequently visited by a user recently, and when performing type matching, the WEB site library is matched with information in the first-level comparison table first, if not found, the WEB site library is continuously matched with the second-level comparison table, if not found, the WEB site library is matched with the third-level comparison table, and if not found, the WEB site type is recorded as unclassified.
5. The method of WEB classification control and log audit according to claim 4, wherein after the website access log is saved in the database, the information stored in the first-level comparison table is continuously updated dynamically according to the website access log information recorded in the database.
6. The method of WEB classification control and log audit according to claim 1, wherein the database includes two data tables, the first data table stores log information of website visits in a recent period of time, the second data table stores all log information of website visits, and the data in the first data table is moved to the second data table within a specified time.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310248048.XA CN104239353B (en) | 2013-06-20 | 2013-06-20 | WEB classification control and log audit method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310248048.XA CN104239353B (en) | 2013-06-20 | 2013-06-20 | WEB classification control and log audit method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104239353A CN104239353A (en) | 2014-12-24 |
| CN104239353B true CN104239353B (en) | 2019-12-31 |
Family
ID=52227436
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310248048.XA Active CN104239353B (en) | 2013-06-20 | 2013-06-20 | WEB classification control and log audit method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104239353B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104639443A (en) * | 2015-02-16 | 2015-05-20 | 杭州华三通信技术有限公司 | Method and device for rapidly forwarding message |
| CN105991634A (en) * | 2015-04-29 | 2016-10-05 | 杭州迪普科技有限公司 | Access control method and apparatus |
| CN105491027B (en) * | 2015-11-25 | 2019-01-01 | 广西职业技术学院 | The method and system that HTTP connection request is filtered based on URL |
| CN106067876B (en) * | 2016-05-27 | 2019-08-16 | 成都广达新网科技股份有限公司 | A kind of HTTP request packet identification method based on pattern match |
| CN108512720B (en) * | 2018-03-02 | 2021-01-26 | 杭州迪普科技股份有限公司 | Website traffic statistical method and device |
| CN109547421A (en) * | 2018-11-08 | 2019-03-29 | 锐捷网络股份有限公司 | A kind of method and device for the URL that audits |
| CN112069254B (en) * | 2020-08-21 | 2022-07-08 | 苏州浪潮智能科技有限公司 | Djangorestframe-based log recording method and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101958912A (en) * | 2010-10-28 | 2011-01-26 | 华为技术有限公司 | Classification level query method, system and uniform resource locator server |
| CN102098328A (en) * | 2010-12-10 | 2011-06-15 | 华为技术有限公司 | Method and equipment for correlating hypertext transport protocol (HTTP) streams |
| CN102098229A (en) * | 2011-03-04 | 2011-06-15 | 北京星网锐捷网络技术有限公司 | Method and device for optimizing and auditing uniform resource locator (URL) as well as network device |
| CN103118007A (en) * | 2013-01-06 | 2013-05-22 | 瑞斯康达科技发展股份有限公司 | Method and system of acquiring user access behavior |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| AU2000234758A1 (en) * | 2000-01-28 | 2001-08-07 | Websense, Inc. | Automated categorization of internet data |
-
2013
- 2013-06-20 CN CN201310248048.XA patent/CN104239353B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101958912A (en) * | 2010-10-28 | 2011-01-26 | 华为技术有限公司 | Classification level query method, system and uniform resource locator server |
| CN102098328A (en) * | 2010-12-10 | 2011-06-15 | 华为技术有限公司 | Method and equipment for correlating hypertext transport protocol (HTTP) streams |
| CN102098229A (en) * | 2011-03-04 | 2011-06-15 | 北京星网锐捷网络技术有限公司 | Method and device for optimizing and auditing uniform resource locator (URL) as well as network device |
| CN103118007A (en) * | 2013-01-06 | 2013-05-22 | 瑞斯康达科技发展股份有限公司 | Method and system of acquiring user access behavior |
Non-Patent Citations (2)
| Title |
|---|
| 基于分区的网络行为监控系统数据库设计与优化研究;韩巧玲;《中国优秀硕士学位论文全文数据库》;20110415(第4期);正文第26-39页 * |
| 网络环境下的日志监控与安全审计系统研究与实现;石彪;《中国优秀硕士学位论文全文数据库》;20060315(第3期);正文第21-30,44-48页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104239353A (en) | 2014-12-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104239353B (en) | WEB classification control and log audit method | |
| RU2601201C2 (en) | Method and device for analysis of data packets | |
| US9495379B2 (en) | Locality aware, two-level fingerprint caching | |
| US20150074289A1 (en) | Detecting error pages by analyzing server redirects | |
| CN103118007B (en) | A kind of acquisition methods of user access activity and system | |
| CN107239701B (en) | Method and device for identifying malicious website | |
| WO2015149629A1 (en) | Dns behavior processing method, device and system | |
| CN104794228A (en) | Search result providing method and device | |
| CN109981627B (en) | Method and system for updating network threat information | |
| US20210133079A1 (en) | Validation of log files using blockchain system | |
| US10893067B1 (en) | Systems and methods for rapidly generating security ratings | |
| JP2010072984A (en) | Log management server | |
| CN112262379A (en) | Storing data items and identifying stored data items | |
| US9111261B2 (en) | Method and system for management of electronic mail communication | |
| US9177034B2 (en) | Searchable data in an object storage system | |
| CN110008197A (en) | A kind of data processing method, system and electronic equipment and storage medium | |
| WO2017000592A1 (en) | Data processing method, apparatus and system | |
| CN109255254A (en) | A kind of data base authority management method, device, equipment and storage medium | |
| US10742668B2 (en) | Network attack pattern determination apparatus, determination method, and non-transitory computer readable storage medium thereof | |
| US11080239B2 (en) | Key value store using generation markers | |
| CN103036726A (en) | Method and device for network user management | |
| US8161013B2 (en) | Implementing application specific management policies on a content addressed storage device | |
| US9898485B2 (en) | Dynamic context-based data protection and distribution | |
| CN115001724B (en) | Network threat intelligence management method, device, computing equipment and computer readable storage medium | |
| JP2009199385A (en) | Information management unit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: A method for web classification control and log auditing Granted publication date: 20191231 Pledgee: Industrial Bank Co.,Ltd. Shanghai South thebund sub branch Pledgor: SHANGHAI BAUD DATA COMMUNICATION Co.,Ltd. Registration number: Y2024310000669 |